ist 3.x installation guide - philips

CSIP Level 0: This document and the information contained in it is proprietary and confidential information of Philips Healthcare ("Philips") and may not be reproduced, copied in whole or in part, adapted, modified, disclosed to others, or disseminated without the prior written permission of the Philips Legal Department. This document is intended to be (a.) used by customers and is licensed to them as part of their Philips equipment purchase or (b.) used to meet regulatory commitments as required by the FDA under 21 CFR1020.30 (and any amendments to it) and other local regulatory requirements. Use of this document by unauthorized persons is strictly prohibited. ©2017 Koninklijke Philips Electronics N.V. All Rights Reserved.

Proprietary Notice: This document and the information contained in it is proprietary and confidential information of Philips Healthcare ("Philips") and may not be reproduced, copied in whole or in part, adapted, modified, disclosed to others, or disseminated without the prior written permission of the Philips Legal Department. Use of this document and the information contained in it is strictly reserved for current Philips personnel and Philips customers who have a current and valid license from Philips for use by the customer’s designated in-house service employee on equipment located at the customer’s designated site. Use of this document by unauthorized persons is strictly prohibited. Report violation of these requirements to the Philips Legal Department. This document must be returned to Philips when the user is no longer licensed and in any event upon Philips’ first written request. Warranty Disclaimer: Philips provides this DOCUMENT without warranty of any kind, implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Limitations of Liability: Philips has taken care to ensure the accuracy of this document. However, Philips assumes no liability for errors or omissions and reserves the right to make changes without further notice to any products herein to improve reliability, function, or design. Philips may make improvements or changes in the product(s) or program(s) described in this document at any time. CSIP Level 0: This document and the information contained in it is proprietary and confidential information of Philips Healthcare ("Philips") and may not be reproduced, copied in whole or in part, adapted, modified, disclosed to others, or disseminated without the prior written permission of the Philips Legal Department. This document is intended to be (a.) used by customers and is licensed to them as part of their Philips equipment purchase or (b.) used to meet regulatory commitments as required by the FDA under 21 CFR 1020.30 (and any amendments to it) and other local regulatory requirements. Use of this document by unauthorized persons is strictly prohibited.

IST Client 3.3 Installation Guide

This document is intended to help users:

Install/setup the IST Client application

Troubleshoot installation issues

Service Key information Install drivers for service keys

Updated: 2019-05


Table of Contents IST Summary...................................................................................................................................................................... 3

What is IST/IST Client?................................................................................................................................................... 3

IST Client Installation Packages and Versions .................................................................................................................... 3

Supported OSs ............................................................................................................................................................... 3

IST 3.3 Changes/Updates: ............................................................................................................................................. 4

IST Installation ............................................................................................................................................................... 4

SUMMARY: IST Client Installation (See next section for details) .................................................................................. 5

DETAILED: IST Client Installation ................................................................................................................................. 6

Smartcard & Reader Setup/Ordering/Driver Information ........................................................................................... 13

Assigning Service Key to a User Profile ................................................................................................................... 13

Ordering Philips Service Key (Smartcard & Reader) ................................................................................................ 13

Part Number Reference Table .................................................................................... Error! Bookmark not defined.

Ordering Instructions .............................................................................................................................................. 14

Service Key Required Software/Drivers ................................................................................................................... 15

CHARGING THE SMARTCARD .................................................................................................................................. 16

Troubleshooting PDF Decryption Issues ........................................................................................................................... 18

Testing your IST Install – IST2 Test Document ............................................................................................................. 18

IST 2.0 Test Document: Success .............................................................................................................................. 20

IST 2.0 Test Document: Failure ................................................................................................................................ 20

PDF Decryption Troubleshooting ................................................................................................................................. 20

1-Adobe Preference Settings: Disabling Protected Mode ....................................................................................... 21

2-The IST Decryption Driver .................................................................................................................................... 22

3-Unauthorized Version of Adobe .......................................................................................................................... 23

APPENDIX ........................................................................................................................................................................ 25

Terms of Use ............................................................................................................................................................... 25

Privacy Notice Integrated Security Tool (IST) Solution ............................................................................................... 29


IST Summary What is IST/IST Client?

IST (Integrated Security Tool) is a set of tools and processes that are used to protect Philips CSIP (Customer

Service Intellectual Property) and manage CSIP access to authorized individuals. Philips CSIP includes software applications/tools, service manuals, documentation, training material etc., that Philips uses to service medical devices.

The IST Client is a part of this set of tools. The client is installed on end user’s computer and provides individuals the ability to open protected documentation and access other applications and service tools. The IST Client also allows engineers to maintain “service keys” which are plugged into medical equipment during service.

Philips IST Administrators control CSIP access individuals are able to use by adding entitlements to the user’s profile. The profile entitlements are then transferred to the computer running the IST Client via an encrypted IST Certificate. The IST Certificate is normally renewed automatically when an internet connection is available for 30 days and this will continue until the contracted CSIP access end date has been reached. Periodically, the IST Client software and the IST certificates need to be updated and renewed.

NOTE: IST Client version 3.3 is now released to the field. Changes to the installation procedure are documented below. IST 3.3 contains security enhancements; therefore, this update is mandatory. Be aware that previous all previous versions of IST will no longer be supported and will cease to function after the installation grace period is over. This date will be communicated to all IST Client users via email.

IST Client Installation Packages and Versions Supported OSs

IST 3.3 will be available for 64 bit Windows 7 and 10 operating systems. Philips InCenter (https://incenter.medical.philips.com), the document distribution platform for Philips, provides the most recent IST Client install packages for operating systems supported by IST. Check your system properties to verify you are using a 64 bit operating system using Computer Properties (see below).

Example:

Computer Properties: Windows 7, 64 bit


IST 3.3 Changes/Updates: 1. Contains internal security fixes 2. One user/One device

Each user is limited to installing the IST Client on one device (PC), so a user cannot install IST Client on multiple PCs using the same IST account

3. Each device is limited to one IST user account. Windows supports multiple user logins, however, now only one IST account is allowed on any single device

4. New user accounts must be initialized by an IST administrator before registration and device & certificate activation is allowed

5. IST 3.3 now requires two activation codes: a. One device activation code to register your PC to your account (see #2) and b. One certificate activation code for the IST Certificate (standard)

6. Smartcards charged with IST Client 3.3, are fully backwards compatible with all systems including ICE1 3.2 & 3.3. IST 3.2 charged smartcards will not work with any devices running IST/ICE 3.3.

7. Change Password functionality removed from IST Client, a new certificate must be requested to change passwords

8. IST 3.3 is a mandatory update, previous versions will be turned off at a future date at which older versions will stop functioning. The date will be communicated to users via email.

9. No longer supported

Virtual machine installations

32-bit Windows Operating Systems

Windows XP 10. Other bug fixes and enhancements

1 The ICE (IST for Customer Equipment) application is similar to IST Client, but runs on medical devices.

IST Installation CAUTION:

As with most software installations, an improper or incomplete un-install of an old version of software may cause issues during the install. Issues include problems decrypting IST documents, updating drivers, etc. It is strongly recommended that you un-install the old versions of IST and then REBOOT prior to installing newer versions of IST.

Also be aware that your firewall and/or proxy settings could block IST from contacting the servers. If prompts appear to allow IST services to pass through the firewall, you must allow. Your email may also redirect activation emails, check your junk folder if you do not see an email within a few minutes.

Contact Information

1. For issues related to profile setup and entitlements Contact your regional IST Administrator.

2. For installation issues Contact the GCS Helpdesk ([email protected])


SUMMARY: IST Client Installation (See next section for details) You will need:

Administrator rights on your system

An internet connection to register and receive activation codes and IST certificate.

Access to the email used in the IST Registration to receive the two (2) activation codes for your device and the IST Certificate NOTE: You will need to use your business email. Gmail, Yahoo, etc., are not appropriate.

1. If IST is installed and running: Stop IST and uninstall Philips IST in "Programs and Features".

2. Reboot your system.

3. Download a local copy of the IST Client Installation (supports 64 bit Windows 7 and 10)

4. Run the IST Install using "Run as Administrator" and follow the prompts. (See next section).

5. Reboot your system

6. Start IST and register your computer using your proper business email address.

IST Registration requires your email (business not personal) for correct setup, activation and communication.

Phone number is needed for support communications. Address information is needed for shipping of materials

if needed. See Appendix: Privacy Notice Integrated Security Tool (IST) Solution for more details.

7. Device Activation (not to be confused with Certificate Activation step 8): **

Click "Request Activation Code" button for the IST New Device Activation.

8. The activation code will be sent to your email. Enter the code in the window dispalyed and "Activate".

9. Request a new certificate and activate. **

Installation is now complete.

Test IST decryption by opening the IST2 Document.

**For New Users without a current IST User Profile If you do not have an IST Account, you will not be able to register your IST Client. Contact [email protected] and they will be able to put you in touch with the correct IST Admin that will be able to setup an account with the correct entitlements. If you have a valid IST Account, you will be allowed to register and get a new certificate.

mailto:[email protected]


DETAILED: IST Client Installation Before installation, old software should be removed and then a reboot should be performed before the new install. This can be done using the "Programs and Features" located in the Windows Control Panel. Reboot after the un-install. 1-Uninstall Software

Using Programs and Features - Uninstall SafeGuard Smartcard Provider if installed [OPTIONAL].

This is NOT a required step. Since IST Client 3.x does not need SGSCP, we suggest that you remove it. - Stop and uninstall Philips IST Client - If IST is running, Stop IST and uninstall any version(s) of IST Client from the Windows Control Panel. - To Stop If IST is running you should find a blue padlock somewhere in the System Tray. - IST running, not logged in

IST running and ready

-

- Click on the padlock if displayed to bring up the IST Control Panel. Click "Stop IST" and Close. -

- UNINSTALL IST

Go to the Windows Control Panel and then and remove the Philips IST Client Software in "Programs and Features"

2-Reboot

Rebooting will allow the removal of drivers which will allow new drivers to be installed.


3-Download local copy of the IST Install Download and save the install file to your desktop. This will help avoid network issues. Contact your IST Administrator or [email protected] if you do not have an active IST account. IST Client 3.3 is available for Windows 7 and 10, 64 bit Operating Systems: The Zeppelin scripted installation package can be found on the Zeppelin Site (internal PGN access only) and also on InCenter. The Standard (non-Zeppelin) version can be found on InCenter only.

Current release of the IST Client installations: i. Standard (Non-Zeppelin): 64 bit version 3.3.0

OSs: Win 7 (64bit) and Win 10 (64 bit)

http://incenter.medical.philips.com/doclib/getdoc.aspx?func=ll&objid=9917882&objaction=open

ii. Zeppelin: 64 bit script for version 3.3.0

OSs: Win 7 (64bit) and Win 10 (64 bit)


iii. IST FAQ


4-Run IST Install as Administrator Right click on the install file and “Run as administrator” Be sure to allow IST services to pass through the firewall if prompted. Install will vary slightly depending on the installation you are using, Standard vs. Zeppelin

FOR STANDARD INSTALL Follow the installation prompts

FOR ZEPPELIN INSTALL

Click "Yes" to install

Two windows will appear, ignore the first and click "Install" on the second.





The Zeppelin Install screen will appear and the files will be extracted to the proper location, driver loaded, services registered etc.. You do not have the ability to change the location of the install.

Standard & Zeppelin You must accept the "Terms of Use" and the "Privacy Policy" to enable the Next button to proceed. Both agreements have been added to the Appendix.

5-Reboot your system Now that the installation is complete, you should reboot your system and then complete registration of your device and get a certificate. If you do not have an existing active IST Profile with permissions, you will not be able to register.


6-Register your IST Client Device NOTE: You need to have an existing account for the registration to complete. If you do not have one, contact your regional IST Administrator for assistance. IST Client will automatically start after the reboot. This will allow you to finish the install. Continue with registration An IST Message will appear. Click OK and proceed to fill in the registration form completely and select OK.

Be sure to use your "Business" email address and Please refrain from using non-standard characters including:

& á ñ ö û etc. in any of the fields

From Should be complete, if not, registration my fail.


If successful, you will see the following… DON'T STOP You must click the "Request Activation Code" button

Check your email for the activation code, it should only take a few minutes. If the email does not appear, check you junk mail folder.

Type/paste the code into the space provided and click the "Activate" button will be enabled. You should see a "Device Activation Success" status message displayed.


Be sure to enter the correct business email address. When complete, you should see "Registration sent to server". If you are getting errors during the registration, e.g.

Queued for later upload HTTPS Error No Servers available etc.

Please try temporarily disabling any proxy servers/firewalls you have running

7-Requesting a certificate & Activation and Resetting Password Request a "New Certificate" (not Renew) allows you to reset your password as well. If a certificate is not available, click the "IST Certificate" button on the IST Control Panel. If an old certificate exists, double clicking the certificate displayed and select "New Certificate".

When the registration window appears, fill out the form or make sure the information is correct and then submit. The "IST New Certificate" window will allow you to enter in a password of your choice as long as it meets the minimum requirements. If the password does not meet requirements you will see


Once the request has been submitted, an activation window will appear. The activation code should be available in your email, check your junk mail folder as well.

Installation is now complete and the IST login screen will appear. If this is a new account, you may need to contact the GCS Helpdesk ([email protected]) to get the profile updated with new entitlements. You should be able to test IST by opening the IST2 Test document. If you cannot, please see the troubleshooting section that follows.

If you see the Test Document below, IST and the PDF Reader are working properly.

CSIP Level 0: This document and the information contained in it is proprietary and confidential information of Philips Healthcare ("Philips") and may not be reproduced, copied in whole or in part, adapted, modified, disclosed to others, or disseminated without the prior written permission of the Philips Legal

Department. This document is intended to be (a.) used by customers and is licensed to them as part of their Philips equipment purchase or (b.) used to meet regulatory commitments as required by the FDA under 21 CFR1020.30 (and any amendments to it) and other local regulatory requirements. Use of this

document by unauthorized persons is strictly prohibited. ©2017 Koninklijke Philips Electronics N.V. All Rights Reserved.

Smartcard & Reader Setup/Ordering/Driver Information Assigning Service Key to a User Profile

If you require a service key (either a parallel port key or 'a smartcard and reader') you will need to have an IST Admin assign service key's Device ID for the parallel port key or the smartcard (the smartcard reader is independent to this process) to your account. To assign a smartcard or parallel port key, the IST Certificate Device ID is required (see below) along with the IDs for the smartcard or pp key.

If you cannot see the IDs for the smartcard or pp key, you must install the proper drivers. These drivers are needed to allow IST to connect to, read and charge your devices. If these drivers are already installed, you do not need to install them again however, sometimes drivers may require update. Since the parallel port key is only being used on older legacy systems, driver installation will not be discussed here.

Ordering Philips Service Key (Smartcard & Reader) A Philips Service Key has two (2) parts

1. The full size smartcard as shown here for the 3021 reader, or the smaller sim-sized card can be broken out to be inserted into the 6121 or 6221. NOTE: Keep the full size card even if you breakout the SIM. A piece of tape can be used on the back of the full size card to set the SIM back in place to be used on a full size card reader.

2. The smartcard readers are shown below (6121, 6221, 3021). Currently shipping: Model 6121 Copyright 2016 (and higher). NOTE: The 6x21 USB Smart Card Readers bearing manufacturer’s label Copyright 2013 or later require new device drivers which means they cannot be used on Philips medical equipment until driver updates are made to those system.




To ensure ordering correct part numbers for the reader and the card, please review the following: Part Number Reference Table

Original Part Replaced By Replaced By Replaced By

Omnikey/HID USB Smartcard Reader

Model 6121 4522-210-42312

Model 6221 4598-008-81401

Model 3021 4598-010-94651

Model 6121 v2016 4598-011-72731

Smartcard Smart card Type SLE66CX322P 4522-2104-2322

Service Smart Card 4598-0088-1391

Ordering Instructions Philips Field Service Personnel Order through the Philips Parts Desk per regular service orders process. Customers & Dealer Distributors Order through the Philips Parts Desk using the Shopping Cart/PO process:

P/N Description @ Price

4598 011 72731 Smart Card Reader Contact SPS

4598 008 81391 Service Smart Card Contact SPS




Service Key Required Software/Drivers The new 6121 (Copyright 2016) reader is compatible with the "Microsoft Usbccid Smartcard Reader" drivers that should be already installed on your Windows PC and no additional drivers are needed. If the reader does not work properly, make sure the "WUDF" driver is selected.

If you are using an older style reader, an additional HID Omnikey driver needs to be installed for IST to be able to recognize, read and charge your service key. If the IST Client is not displaying the device ID for your smartcard, please make sure you have:

the latest version of IST installed and

the most recent driver for your smartcard reader. For detailed HID Driver installation details refer to:


Remember: You need admin rights on your machine to install software.

As of July 23, 2017, Version 1.2.24.27 is the most current smartcard driver version

Use the direct links below.

Operating System Driver Description Direct link to driver

32 Bit XP, Vista, Windows 7

Version 1.2.24.27, release date 13 Jun 2014. PC/SC driver for CardMan 3021, 6121, 6221, others

https://www.hidglobal.com/drivers/16251

32 Bit Windows 8

Version 1.2.24.27, release date 13 Jun 2014. PC/SC driver for CardMan 3021, 6121, 6221


32 Bit Windows 10

Version 1.2.24.27, release date 20 Mar 2014. PC/SC driver for CardMan 3021, 6121, 6221


64 Bit XP, Vista, Windows 7

Version 1.2.24.27, release date 13 Jun 2014. PC/SC driver for CardMan 3021, 6121, 6221 https://www.hidglobal.com/drivers/16252

64 Bit Windows 8

Version 1.2.24.27, release date 13 Jun 2014. PC/SC driver for CardMan 3021, 6121, 6221


64 Bit Windows 10

Version 1.2.24.27, release date 20 Mar 2014. PC/SC driver for CardMan 3021, 6121, 6221












CHARGING THE SMARTCARD NOTE: An internet connection is required to 'Renew' your IST Certificate but not to charge your smartcard 1.) Start IST and login. Open up the IST Control Panel by double clicking on the padlock icon found in the system

tray or by clicking on Start -> Zeppelin Standard Applications -> Basic Toolbox -> IST -> IST Control Panel.

2.) Double click on the IST Certificate found in the Security Devices window.

3.) In the IST Certificate Administration window click on the Renew button. 4.) From the IST Control Panel select View > IST Entitlements (you must be logged into the IST Certificate first)

5.) When your entitlements document opens, scroll to the bottom. If you have a smartcard, the ID of the card should be listed here. If not, contact [email protected]. They can assign the smartcard to your account and then you need to go back to step 3 and renew. They will need both the values shown below:





6.) Pull out the key if inserted. Once the certificate is renewed close the IST Certificate Administration window

and plug in in the Smartcard into the USB port of your computer. At this point you should see IST Smartcard Charger come up and attempt to charge the smartcard.




Troubleshooting PDF Decryption Issues Testing your IST Install – IST2 Test Document

When an IST user cannot read a protected (encrypted) document it may be caused by any of a variety of potential causes. This guide provides some simple and advanced methods to identify common causes of an IST decryption problem.

At a fundamental level, the IST Client must be installed and running to allow the user to decrypt protected documentation (see "Status" window below, "IST Client is Running"). This means that the IST Client must have a valid IST Certificate loaded on the computer or a smartcard, and the user must log into that device. By selecting the device in the IST Control Panel and clicking the "Login" button, the user can log into any of the devices listed (there can be many). Figure 1 shows both an IST Certificate and an IST Smartcard.

Figure 2: IST Control Panel Login Window

After entering the correct IST password, the device will have a status "Ready". If the password does not work or you cannot recall the password, request a new certificate (Renew will not work).

Please notice that the "Expires" date must be greater than or equal to today's date in order for IST to decrypt. If "Expired", you must get a new certificate or renew your current certificate. If the date does not update, contact [email protected].

IST Certificate, Status "Ready", "IST Client is running"




Now, if your IST Client is installed properly, you will be able to test the decryption by opening the IST 2 Test document.

Opening the IST Test Document

The IST 2.0 Test Document is encrypted, if all is well you should see the following …

IST 2.0 Test Doc Decrypted

The IST entitlements assigned to your profile will then determine what documents you will be able to view and also access to software and diagnostic tools. These entitlements are added to your profile by an IST Administrator (For questions contact [email protected]). Profiles vary based on contracts and training.

Your IST Entitlements are stored on the IST Certificate located on the computer and this certificate is copied

to your smartcard with the same entitlements, password and expiration date. To view the entitlements assigned to a particular device (certificate or smartcard), log into that device and View>IST Entitlements from the IST Control Panel. If you are logged into both a smartcard and an IST Certificate, the smartcard will take precedence.

View your Entitlements

In the figure above, we are logged into the IST Certificate and the entitlements for that device will be displayed. User information appears at the top, Document Entitlements follow. General Level 1 (or higher) will allow you to decrypt the test document which is encrypted at General Level 1. Other modalities or products can also be listed here. These settings allow users to view some encrypted documents and prevent you from opening others not specifically assigned to the IST profile.





IST Entitlements Summary

The most common issue for not being able to view encrypted documents is that IST Client not be running, or the IST certificate’s status is not ‘Ready’ (e.g. it could be ‘Expired’ or ‘Not Logged In’). In some cases, the user has not been entitled to read the particular document(s). If your profile has been modified recently, make sure that you "Renew" your certificate to download any recent changes. Double click the IST Certificate listed to open the IST Certificate Administration window. Select "Renew". This is normally done automatically every day when there is an internet connection.

IST 2.0 Test Document: Success

If the test document opens properly, that will reduce the scope of investigation substantially. It shows that all of the decryption mechanics are working properly.

IST 2.0 Test Document: Failure

If IST cannot open the test document or other encrypted document, you may see message similar to:

Adobe could not open an encrypted document

PDF Decryption Troubleshooting If a file (the test document or other) is not being displayed properly, Adobe (or other authorized readers) is trying to open an encrypted file that contains content it cannot interpret, hence the error message above. If encrypted files cannot be opened, there are different reasons:

1) Adobe Preferences settings. (See below) There are security settings in Adobe that disable the IST decryption.

2) The IST decryption driver is not installed properly. (See below) This is an installation issue, restarting IST may help. If not, the driver (not the full version of IST) can be checked and if needed, re-installed

3) The application being used to view the file is not authorized. IST will only allow approved applications to open documents. This occurs most often after an automatic update has been made from Adobe. Some updated versions must be added to the




approved reader list. 4) User does not have authorization to access the file. This means the profile does not have the

permission to open the file, the test document uses "General" which all accounts should have by default.

5) The file has reached its’ expiration. Files have an expiration to help eliminate file from being used when the content may be out of date. This means you must download a new file from InCenter.

1-Adobe Preference Settings: Disabling Protected Mode Adobe Reader and Acrobat version 10 and higher run in protected mode by default. This feature is incompatible with IST document decryption and must be disabled. To turn off protected mode:

For Adobe Reader 10:

Be sure to close all open reader windows except one to update preferences

Choose Edit > Preferences: In the Categories list on the left, select General

Deselect "Enable Protected Mode at startup"

Click OK

Close all reader windows and then restart

Disable Protected Mode, Adobe Reader 10

For Adobe Reader 11:

Be sure to close all open reader windows except one to update preferences

Choose Edit > Preferences: In the Categories list on the left, select Security (Enhanced)

Deselect Enable Protected Mode at startup

Click OK

Close all reader windows and then restart

Disable Protected Mode, Adobe Reader 11 Disable Enhanced Security, Adobe Acrobat 11




2-The IST Decryption Driver IST decryption is performed within a filesystem minifilter driver called ISTFSF. The Fltmc.exe program is a command-line utility for common minifilter driver management operations. Use Fltmc.exe to list, load or unload minifilter drivers. FLTMC stands for Filter Manager Control. There are instances where ISTFSF is not loaded properly due to restrictions, another application may be loaded and blocking install, etc. In such cases we must determine if ISTFSF is installed or not. This should only be done after the IST Client install. ISTFSF driver check

If IST is running, click the blue padlock icon in the system tray

Click the Stop button and then Close button.

Open a command prompt window o On XP open a command window as normal, or o On Win7 (higher) open an elevated command window

Elevated Win7: Right-click and select Run as Administrator

Type fltmc <Enter>

IST Decryption driver is installed and loaded

IST Decryption driver is not loaded




ISTFSF Driver Install The IST driver (ISTFSF) should be listed. If it is not, perform the following: In the command window above:

Change to the IST application directory: cd c:\Program Files\Philips\IST <Enter>

Install the driver: ISTFSFInstall i <Enter>

Load the driver: fltmc load ISTFSF <Enter>

Verify the driver is installed and loaded: fltmc <Enter>

Note any errors that occur during the procedure. If the driver is listed now, Start IST and verify the IST2 test document decrypts properly. If the driver is still not listed and/or the sequence above produced an error, reboot the machine and re-perform the procedure. If IST Client has been reinstalled without a reboot then a pre-existing IST driver has not fully DE-installed, and it prevents the updated driver from being installed. Rebooting will complete DE-installation of the driver and clear the way for installing the present driver. If there is another driver at the same altitude, 370400, contact the GCS Helpdesk for more support.

3-Unauthorized Version of Adobe First check the preferences above since it is the easiest and most common issue to resolve. However,

occasionally, a new version of Adobe Reader or Acrobat is released that hasn’t been added to the IST "Authorized Readers" list.

At the time of this writing, all versions of Adobe Reader up through 11.0 and versions of Adobe Acrobat up through 10.1.3 are in the approved list. The Authorized Readers list is compiled and stored in the user’s




IST certificate. If a new reader is added to the list, a "Renew" of the IST certificate will update the list stored on your PC. Renew your IST Certificate and test the IST2 Test Document again before proceeding.

Testing Adobe Authorization

If a reader has been updated and the IST certificate has already been renewed, with all readers closed having been closed prior to retest of decryption, and the driver is verified as loaded (see the IST decryption driver procedure below), you can perform the following to determine whether the reader is approved:

Close all opened reader windows

Enable the IST Client Verbose Logging option.

Enable verbose logging option

Stop/Start IST Client

Open the reader

Close the reader

View the IST log file

Open the IST log file

Scan through the file, probably near the end for the most recent additions to the file, looking for a recording of the reader being opened.

e.g. Process starting 4952 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

If the reader is approved, IST will immediately “attach” the reader’s process ID e.g. Attaching 4952 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

If the reader is not approved, there will not be an “attach” entry. At this point we would require a copy of the Adobe AcroRd32.exe so that we can add to the approved reader list. Contact: [email protected]

4-User does not have authorization to access the file. IST provides the permissions/entitlements to access documentation. If your entitlements do not match the document then you will not be able to open. If you feel this is the case, forward the file to the GCS Helpdesk to compare your entitlements against those on the file.

5-The file has reached its’ expiration. Files have an expiration to help eliminate the use of out-of-date files which will require that the user download another copy from InCenter. InCenter will always have the most recent published documentation. If you expect that a file is expired, download a new copy from InCenter. Expiration times differ.





APPENDIX The 'Terms of Use' and the ' Privacy Notice Integrated Security Tool (IST) Solution' provided below are for your convenience only and are valid as of December 2018. These may be updated at a future date and any changes will supersede the text shown below. The most recent version will be available on InCenter: Terms of Use:


Privacy Policy: http://incenter.medical.philips.com/doclib/getdoc.aspx?func=ll&objid=18698760&objaction=open

Terms of Use 1. Acceptance of Terms of Use 2. Modification of Terms 3. Privacy Policy 4. Disclaimers 5. Registration 6. Limitation of Liability 7. Content/Software 8. Copyright and Trademarks 9. Proprietary Rights in Application 10. Indemnification 11. Shut-Down of Site 12. Dispute Resolution 13. Severability 14. No Waiver 15. Headings.

Terms of use This Application is offered to you by Philips Medical Systems Nederland B.V., Veenpluis 4-6, 5684 PC Best, the Netherlands, the Netherlands ("Philips"). The following Terms of Use govern your access and use of this Application. Also, specific terms and conditions may apply to specific content, data, materials, tools, or information contained on, enabled by, or available through this Application (the "Content"), including but not limited to terms and conditions of license agreements and/or other transaction concluded between Philips (or its affiliates) and your employer which may also include arrangements personally signed by you. Such specific terms may be in addition to these Terms of Use and supersede these Terms of Use. 1. Acceptance of Terms of Use

By accessing or using this Application you agree to be legally bound by the Terms of Use and all terms and conditions contained or referenced herein or any additional terms and conditions set forth on this Application. If you do NOT agree to all of these terms, you should NOT access or use this Application.

2. Modification of Terms

These Terms of Use may be amended by Philips at any time. Such amended Terms of Use shall be effective upon posting. By continuing to access or use the Application after such posting, you will be deemed to have accepted such amendments. You are advised to regularly review any applicable terms and conditions

Philips reserves the right to discontinue or make changes or updates with respect to, and monitor the use of, the Application or the Content of the Application at any time without notice. Philips reserves the right to restrict, refuse or terminate access of any person to the Application or any part thereof effective immediately without notice at any time and for any reason whatsoever at its sole discretion.

3. Privacy Policy

Personal information provided or collected through or in connection with this Application shall only be used in accordance with Philips' Privacy Policy and these Terms of Use are subject to the Privacy Policy as posted on this Application.

4. Disclaimers

THE WEB SITE, ALL INFORMATION (INCLUDING, WITHOUT LIMITATION, TEXT, IMAGES, GRAPHICS, LINKS, SOURCE CODE, AND OTHER MATERIALS) ON THE APPLICATION, AND THE CONTENT, ARE PROVIDED "AS IS" AND "AS AVAILABLE". YOU EXPRESSLY AGREE THAT USE OF THIS WEB SITE AND/OR ITS CONTENT IS AT YOUR SOLE RISK. PHILIPS AND ITS SUBSIDIARIES, AFFILIATES, PARTNERS, LICENSORS, BRAND LICENSEES AND SUPPLIERS HEREBY EXPRESSLY DISCLAIM TO EXTENT PERMITTED BY LAW ALL REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR

https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fincenter.medical.philips.com%2Fdoclib%2Fgetdoc.aspx%3Ffunc%3Dll%26objid%3D18704811%26objaction%3Dopen&data=02%7C01%7C%7Cc981a7587fda4244eee408d6d4a21648%7C1a407a2d76754d178692b3ac285306e4%7C0%7C0%7C636930189949060611&sdata=bNsyXAY1NGFqdGTmNOtlyS%2FW4lWRrHMZ9gpa%2F%2F25%2FEM%3D&reserved=0

https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fincenter.medical.philips.com%2Fdoclib%2Fgetdoc.aspx%3Ffunc%3Dll%26objid%3D18698760%26objaction%3Dopen&data=02%7C01%7C%7Cc981a7587fda4244eee408d6d4a21648%7C1a407a2d76754d178692b3ac285306e4%7C0%7C0%7C636930189949060611&sdata=D%2FtnpXUL%2BPbuhL%2FnhU8N%2FrjrZtw7NaeElNL%2FPArSKjw%3D&reserved=0




PURPOSE, NON-INFRINGEMENT, OR AS TO THE OPERATION OF THIS APPLICATION, THE CONTENT OR USER CONTENT. Neither Philips nor its subsidiaries, affiliates, partners, licensors, brand licensees and suppliers warrants or makes any representations that (i) the Application will meet your requirements or expectations, (ii) the Application will be uninterrupted, timely, secure, or error free, or (iii) the results that may be obtained from the use of the Application (including any information and materials available in or enable by this Application) will be correct, complete, accurate, reliable, or otherwise meet your requirements.

Philips and its subsidiaries, affiliates, partners, licensors, brand licensees and suppliers shall have no liability for interruptions or omissions in Internet, network or hosting services and do not warrant that the Application or the services which make this Application available or electronic communications sent by Philips are free from viruses or any other harmful elements. To the extent permitted by applicable law, you understand and agree that you will be solely responsible for any damage to your business, your computer system or loss of data that results from the download of any such Content, information, data and/or software.

5. Registration

Accessing the Application requires you to open an account. You must complete the registration process by providing us with current, complete and accurate information as required by the applicable registration form. You will also be required to choose a username and a password. We will send you a confirmation e-mail with your registered information. In the event that delivery of such information fails for any reason, your access or use of areas, functions or features on the Application requiring such registration may be refused or terminated. You agree that you will promptly update your registration to keep it accurate and current, as required, and comply with other ongoing security requirements. Access to and use of password protected or secure areas of the Application are restricted to authorized users only. You agree not to share your password(s), account information, or access to the Application with any other person. You are solely responsible for maintaining the confidentiality of your password and account information, and you are responsible for all activities that occur through the use of your password(s) or account(s) or as a result of your access to the Application. If you become aware of any suspicious or unauthorized conduct concerning your account, user name and/or password, you agree to contact us immediately by e-mail to [email protected]. We may, at our own discretion, bar registration from any specific e-mail service or ISP. We reserve the right to refuse or cancel your registration if you provide inaccurate or incomplete information, do not comply with the security update procedures, or register with an email address that, in our sole discretion, is obscene, indecent, abusive or otherwise improper. This may include the use of a personal email address (such as yahoo, gmail, or others), or use of multiple email addresses for an individual. You agree not to access or use the Application in any manner that could disable, disrupt, damage, impair, or overburden any Philips accounts, software, computer systems or networks. You agree not to attempt to gain unauthorized access to any parts of the Application, Content or any Philips accounts, software, source code, computer systems or networks, or to disable, disrupt circumvent, interfere with, or otherwise violate the security of the Application, Content, or any Philips accounts, software, computer systems or networks. You agree not to interfere or attempt to interfere with the proper working of the Application or any Philips accounts, software, computer systems or networks. You agree not use any robot, spider, scraper or other automated means to access the Application, Content or any Philips accounts, software, computer systems, source code, or networks without Philips' express written permission. You agree not to obtain or attempt to obtain unauthorized access to the Application or portions of the Application that are restricted from general access or to which you do not have authorization. You further agree not to access or use any application, software, system, service, tool, data, account, or Content without authorization or for unintended purposes.

6. Limitation of Liability TO THE EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PHILIPS OR ANY OF ITS SUBSIDIARIES, AFFILIATES, PARTNERS, LICENSORS, BRAND LICENSEES OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL OR OTHER DAMAGES RESULTING FROM, ARISING OUT OF OR IN CONNECTION WITH THE ACCESS, USE OF, OR INABILITY TO ACCESS OR USE THIS WEB SITE, THE CONTENT OR THE USER CONTENT, EVEN IF PHILIPS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES EXCEPT TO THE EXTENT SUCH DAMAGES ARISE AS A RESULT OF FRAUD OR FRAUDULENT MISREPRESENTATION ON THE PART OF PHILIPS.

7. Content/Software

Any software, documentation and/or information made available or enabled for viewing, accessing, or downloading from or through this Application is licensed subject to the terms of any applicable license agreement. Certain software, documentation and information enabled by this Application or in related tools or web sites are only made available to users with an applicable license agreement. While this Application is designed to provide or enable access to users only at agree-to licensing levels, users should review software, documentation and information to ensure user should have access to it. Except as set forth in the applicable license agreement, the software, documentation, and information is made available for use by end users only and any further copying, reproduction or redistribution of the software, documentation and information is expressly prohibited. WARRANTIES, IF ANY, WITH RESPECT TO SUCH SOFTWARE, DOCUMENTATION AND INFORMATION SHALL ONLY APPLY AS EXPRESSLY SET FORTH IN THE APPLICABLE LICENSE AGREEMENT. PHILIPS HEREBY EXPRESSLY DISCLAIMS ALL FURTHER




REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE OR NON-INFRINGEMENT WITH RESPECT TO THE SOFTWARE.

8. Copyright and Trademarks

All copyright and all other proprietary rights in the Content or this Application or enabled by this Application, including but not limited to design, text, software, source code, technical drawings, configurations, graphics, other files and their order, sequence, selection and arrangement, provided by Philips, its affiliates, subsidiaries, brand licensees and/or other partners, all belong to Koninklijke Philips N.V. and / or its affiliates, brand licensees, other partners or licensors. All rights in the Content not expressly granted herein are reserved. PHILIPS is a registered trademark of Koninklijke Philips N.V. All trademarks on the Application are either trademarks or registered trademarks of Koninklijke Philips N.V. Philips or its affiliates or licensors and may not be copied, imitated, or used, in whole or in part, without the prior written permission of Philips. PHILIPS and all other registered trademarks of Koninklijke Philips N.V. and its affiliates are important assets of the company. The use and registration of the PHILIPS name as a trademark is exclusively reserved to our company. You may not register nor use a company name, statutory name, trade name, domain name or other name, indication or description, of which the Philips name or any name similar thereto or any name which consists of a part of the Philips name forms part nor shall it include any other registered trademark owned by Koninklijke Philips N.V. You shall not, and shall not permit any third party, to do any of the following without Philips' prior express written permission:

(i) Copy, reproduce or distribute the Content (ii) Assign, sub-license, lease, rent, loan, transfer, disclose, or otherwise make available the Content (iii) Modify, adapt, alter, translate, or create derivative works from any portion of the Content or (iv) Reverse assemble, decompile, disassemble or otherwise attempt to derive source code of the Content.

9. Confidentiality, Proprietary Rights in the Application

The Content of this Application includes confidential information of Philips. You shall keep the Content confidential; not disclose it to any third party other than employees within the organization of your employer who have a strict need to know and who are bound by adequate confidentiality obligations to Philips; and take all necessary reasonable safeguards to prevent unauthorized use. You acknowledge that Content included on the Application may be the subject of patents, copyrights, trademarks, trade secrets and other intellectual property rights of Philips, its subsidiaries, affiliates, brand licensees, other partners or third parties.

10. Indemnification

To the extent permitted by applicable law, you agree to indemnify and hold harmless Philips, its subsidiaries, affiliates, brand licensees, other partners and suppliers and each of their respective officers, directors, employees, shareholders, legal representatives, agents, successors and assigns, from and against any damages, liabilities, costs and expenses (including reasonable attorneys' and professionals' fees and litigation costs) that arise out of any violation of these Terms of Use by you.

11. Shut-Down of Application

We have the sole right to shut down the Application or any part thereof for any reason at any time without notice or consent. We will have no responsibility or liability attributable to such Application shut down.

12. Dispute Resolution

These Terms of Use shall be governed by and construed in accordance with the laws of the state of The Netherlands. You agree to the non-exclusive jurisdiction of the courts in Amsterdam, The Netherlands for any disputes, claim or cause of action arising out of, or relating to or in connection with these Terms of Use or your use of this Application, including any disputes relating to the existence or validity of these Terms of Use, provided that you agree to submit any such disputes, claims or causes of action exclusively to the courts of Amsterdam, The Netherlands. For avoidance of doubt, any License Agreement entered into Philips and a third party licensee will, unless otherwise explicitly stated otherwise, will be governed by the dispute resolution and/or applicable law terms specified therein.

13. Severability

If any provision of these Terms of Use is held to be invalid or unenforceable, then the invalid or unenforceable provision will be replaced by a valid, enforceable provision that most closely matches the intent of the original provision and the remaining provisions shall be enforced.

14. No Waiver

No failure on the part of Philips to enforce any part of these Terms of Use shall constitute a waiver of any of Philips' rights under these Terms of Use, whether for past or future actions on the part of any person. Neither the receipt of any funds by Philips nor the reliance of any person on Philips' actions shall be deemed to constitute a waiver of any




part of these Terms of Use. Only a specific, written waiver signed by an authorized representative of Philips shall have any legal effect whatsoever.

15. Headings

The headings of the sections of the Terms of Use are inserted for convenience only and shall not constitute a part hereof or affect in any way the meaning or interpretation of the Terms of Use.




Privacy Notice Integrated Security Tool (IST) Solution (Updated December 2018)

Philips Electronics Nederland B.V., Boschdijk 525, 5621JG, Eindhoven, the Netherlands (“Philips”), wants you to be familiar with how we collect, use and disclose information. This Privacy Notice describes our practices in connection with information that we collect through IST operated by us from which you are accessing this Privacy Notice. What Personal Data are collected?

“Personal Data” are information that identify you as an individual or relate to an identifiable individual, including: • First Name, Last Name; • Street address; • City, State: • Postal Code, Country: • Telephone number; • Email address; • IP Address; • Device unique identifiers; • Company, Job function

We may need to collect and process these types of Personal Data in order to allow you to install, register and use IST.

How are Personal Data collected?

We and our service providers may collect Personal Data in a variety of ways, including: • Through the registration form: We may collect Personal Data through the registration form, e.g., when you install

the IST Client, we would request you to register with us to continue using the solution;

• Through the use of Philips Service Tools and Remote Service Network: We may collect Personal Data through log files and relevant monitoring activities performed to carry out the delivery of the products and services offered.

If you disclose any Personal Data about other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.

What is the purpose of the collection of Personal Data?

We may use Personal Data for our legitimate business interests, including the following: • To provide access to, and ensure appropriate uses of, Philips Service Tools and Customer Services’ Intellectual

Property; • To enable Audit logging and monitoring of Philips’ devices and services to support investigation of adverse events

and complaints; • To respond to your inquiries, fulfill your requests and provide you with related customer service; • To send

administrative information to you, such as changes to our terms, conditions and policies, as well as communications that we believe may be of interest;

• For our business purposes such as audits, fraud monitoring and prevention, data analytics to facilitate and advise on continued and sustained use of Philips’ or its affiliates’ products and services, developing new products, identifying usage trends, and operating and expanding our business activities.

With whom are Personal Data shared?

We may disclose your Personal Data: • To our affiliates for the purposes described in this Privacy Notice; • To our third party service providers who provide services such as data analysis, payment processing, order

fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services;

• To government agencies, authorities and courts in the enforcement, protection of or inquiry into Philips rights in and to the Web Site, it Content, or its intellectual property.

Other uses and disclosures

We may also use and disclose your Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, which may include laws outside your country of residence, to respond to requests from public and government authorities, which may include authorities outside your country of residence, to cooperate with law enforcement or for other legal reasons; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others. In addition, we may use, disclose or transfer your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).




Security We seek to use reasonable organizational, technical and administrative measures to protect Personal Data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “How can you contact us?” section below.

What are my rights?

If you would like to submit a request to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to submit a request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us at [email protected].

We will respond to your request consistent with applicable law.

In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database, or otherwise let us know what limitations you would like to put on our use of your Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

How long will the Personal Data be kept?

We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you through IST; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Use of IST by minors

IST is not directed to individuals under the age of thirteen (13), and we do not knowingly collect Personal Data from individuals under 13.

Jurisdiction and cross-border transfer

IST is controlled and operated by us from the Netherlands and is not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the Netherlands. Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using IST you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data. If you are located in the EEA, your Personal Data may be transferred to our affiliates or service providers in non-EEA countries that are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as our Binding Corporate Rules for Customer, Supplier and Business Partner Data and/or standard contractual clauses adopted by the European Commission to protect your Personal Data. You may obtain a copy of these measures by following the link above or contacting [email protected]

Sensitive Personal Data

We ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through IST or otherwise to us.

Updates to this Privacy Notice

We may change this Privacy Notice. The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on IST. Your use of IST following these changes means that you accept the revised Privacy Notice.

How can you contact us?

If you have any questions about this Privacy Notice or about the way Philips uses your Personal Data, please contact our Data Protection Officer at [email protected]. Alternatively, you have the right to lodge a complaint with a supervisory authority competent for your country or region.




VERSION

Version Publication Date Author Memo

1.0 2019-07-08 [email protected] Initial release

5.0 [email protected] 3.3 install

5.1 2019-11-21 [email protected] Updates on smartcard readers

ist 3.x installation guide - philips

Documents